1.) Change your keyboard and reboot to run level 3 (network without graphical login)
First, login as:
user: root
password: SANOG2K4
Please, do not change the root password for any reason.
First we'll change the keyboard to UK English. Open a terminal window, and in the terminal do the following:
cd /etc/X11
vi XF86Config
:65
You should see a line like this:
Option "XkbLayout" "uk"
Move your cursor to the "u" and press "x" twice.
Now press "i" to change the edit mode to "insert".
Type "es"
Press the "Esc" key
Type ":wq" and
Now, we'll change to run level 3 (no GUI). Type:
/sbin/telinit 3
2.) Practice with basic commands
Be careful in this exercise. Running as root means that you can easily damage your system. If you are not sure of a command ask the instructor or helpers before continuing.
The first command that we are going to use is "man", this is short for "man"ual. Read about each command to see the range of options that exist. Do the following:
man cp
man cd
man ls
man mv
man rm
After that, do the same, but now use "info" like this:
info cp
info cd
info ls
info mv
info rm
If you have problems exiting from "man" press the "q" key. Also, you can use the keyboard arrows to move around in the descriptions.
Now we are ready to practice a bit with the commands:
cd /
ls
ls -la
cd /tmp
cd ..
cd tmp
What's going on here? If you don't understand, ask.
touch text.txt
cp text.txt new.txt
mv text.txt new.txt
What's happening now? Respond "yes" or "y".
cp text.txt /root/.
cd ../root
Do you understand that you can do "cd /root", or "cd .." and after "cd root" or "cd /root", and in the end you'll arrive at the same directory?
Now play with the use of the tab key. For example, in /root start to type the first part of the command "cp text.txt text.txt.bak" - then, type:
cp te
cp text.txt te
cp text.txt text.txt.bak
The tab key makes life much easier. Now type:
mkdir tmp
mv text.* tmp/.
ls
Finally, we are going to remove the directory that contains the two archives.
cd tmp
rm *
cd ..
rmdir tmp
You can force this using a command like this:
rm -rf tmp
The use of "rm -rf" is very dangerous, and, naturally, very useful. For example, if you are "root" and you type "rm -rf /*" this would be the end of your server. This command says "remove, forcibly and recursively, everything" - or, if you start in the root directory (/), remove all files and directories on the entire server without asking. If you want to use "rm -rf *" always take a deep breath and check where you are first (really, do this!):
pwd
First, this tells you what directory you are in. If you are mistaken, then you have the opportunity to not remove files that you might really need.
3.) Practice with more commands
As you can see from the presentation there are many, many commands to be used under Linux. If you go to the directories /bin, /usr/bin, /sbin, /usr/sbin, /usr/local/bin, etc. you can see hundreds of files that are programs - many of these are user and system commands. The /bin directory has the critical commands for the operating system. The directory /sbin has, in general, commands that only root runs, or that need root to make changes (like /sbin/ifconfig).
To start, do the following:
cd /bin
ls
And, now read about some of these commands. For example:
man dmesg
With care play with the commands listed in the presentation, and/or with commands you find in the directories mentioned. I strongly recommend that you read about any command before trying to run it (i.e. "man command").
4.) Searching for more information about your system
If you want to see the contents of a file there are three typical ways to do this:
cat
less
more
The "less" command has more functionality, but does not work with all files. The command "cat" will show the contents of a file in all cases. The "more" command is like cat, but pauses after each page.
Test the three commands by using them on informational files like:
cd /etc
cat motd
more services
less services (you can exit with "q")
If you don't understand what each file is for, use "man". For example, you can type:
man modules.conf
man XF86Config
man fstab
If you have any questions ask the instructor or one of the class helpers.
5.) Create a file and use vi to edit it
Now we are going to open an empty file and add some text to it. The vi editor has a data entry mode and a command mode. You can go between modes by using the ESCape key. You must go in to data entry mode before you can begin to enter text in a file opened using vi. Let's do the following:
cd /root
touch workshop.txt
vi workshop.txt
Now you are in vi. Press the "i" key to enter in to "i"nput mode.
Type something like, "Isn't vi great? I think I'm going to use it instead of Microsoft Word from now on."
Press
Now, remembering the following:
Open: vi fn, vi -r fn, vi + fn, vi +n fn, vi +/pat fn
Close: :w, :wq, :q, :q!
Movement: h,j,k,l, y w, W, b, B, :n
Edit: i, o, x, D, dd, yy, p
Search: /pattern, ?pattern, n, N
Play with the movement. Move your cursor to a line with text and see what happens if you press "w" or "W" or "b" or "B" - remember, if you are in input mode press "ESC"ape to change to command mode.
Now press "/" and type in a word that is in the document and press
Do the same but press "?" at first. Use "ESC"ape to start again if necessary.
To save the file press ":" and afterwards type "w" and press
To save and exit do:
:wq
To exit without saving anything and lose all the changes that you have made you can do:
:q!
But, try to save something. Practice saving, exiting, starting vi, etc...
6.) Create a new userid
In a terminal window type:
useradd "userid"
Choose the name that you want for the "userid". Now we have to give a password to the user. Pick a good password (more than 7 characters, no words, mixed with symbols, numbers, and/or letters in upper and lower-case). To create the password type:
passwd "userid"
And, follow the instructions on the screen. Now the userid exists. Exit your current "root" session and log back in as your new userid. After you have done a "logout" and "login" open a terminal window and do the following commands:
ls -lah
ls -lah /etc/skel
cd ..
ls
man useradd
What did you notice between your userid's directory and the /etc/skel directory? Did you notice all the options for running the useradd command? It's possible to write a script to create multiple accounts quickly.
7.) Give privileges to your userid
There are two ways to do this. First do the following:
cd /etc
less /etc/passwd
less /etc/shadow
less /etc/group
Did you see the entry for your userid in each of these files? Did what you saw make sense? If not, ask for an explanation.
One way to give privileges is to place your userid in the "wheel" group (/usr/sbin/usermod userid -G wheel), but the userid "wheel" does not exist, thus you cannot do this yet. Better, let's do this for now:
vi /etc/sudoers
And look for the line that reads:
# User privilege specification
root ALL=(ALL) ALL
Under the entry for root add:
userid ALL=(ALL) ALL
Save the file, and exit your session using "logout" - Log back in as your userid and test to see if you can use "su" in a terminal window:
su - (root password)
And, if this works then your terminal session will now be logged in as root.
8.) Commands - programs - shell - path
For this exercise you should be in a shell that is not root. From a root shell you can do:
su - userid
When you type a command or the name of a program the system looks for this using the shell variable PATH. If the program is a built-in shell program, it will be found. The "cd" command is an example of this. To see what your PATH is set to do:
printenv
But, if you just want to see the PATH variable do:
printenv PATH
The PATH variable is configured during system initialization by the various startup scripts that run. To change the PATH for every shell you start under your userid you can do this in the file /home/userid/.bash_profile.
First we are going to create a script that resides outside of any directories listed in your PATH. Note that /home/userid/bin is a common practice for items you wish to run for your account only (Fedora Core 2 includes this by default in your .bash_profile), so we're creating "scripts" to show how this concept works.
cd /home/userid
mkdir scripts
cd scripts
vi hello.sh
In the new file add the lines:
#!/bin/bash
#
echo hello
Be sure you save the file (:wq), then to ensure that you can execute the file use the command:
chmod u+x hello.sh
We are going to discuss the commands "chmod" and "chown" a little bit later.
Now we'll add the new "bin" directory to your PATH:
cd /home/userid
vi .bash_profile
Look for the line:
PATH=$PATH:$HOME/bin
And change it so that it reads:
PATH=$PATH:$HOME/bin:/home/userid/scripts
Save the file and in a terminal do:
hello.sh
. .bash_profile
hello.sh
What happened? You changed the PATH and the script "hello.sh" didn't run. But, after you ran the file .bash_profile your PATH changed. Then you typed "hello.sh" again and it ran because the script was now in the PATH. You can see this with "printenv PATH".
Every time you open a bash terminal the file .bash_profile will run, so from now on /home/userid/scripts will be in your PATH. Note that the last directory that will be searched for an item will be /home/userid/scripts, thus if you were to copy "hello.sh" to /home/userid/bin and change the file, then that version of hello.sh would run and not the one in /home/userid/scripts. If you don't understand this please ask the instructor or class helper for help.
Finally, if you wish to change something like the PATH for everyone you can update PATH in /etc/profile, but this is not always the best idea... Or, you can update the files (like .bash_profile) in /etc/skel and then each time a new userid is created they'll get the updated .bash_profile and the new PATH statement from that point on.
To finish we'll change the command "rm" to make it a bit more secure. Do the following:
vi /home/userid/.bashrc
And, go to the bottom of the file and type "o" to add a line and enter in to input mode. Add a line that reads:
alias rm='rm -i';
Now, exit and save the file (:wq). After this type:
touch temp.txt
rm temp.txt
. .bashrc
touch temp.txt
rm temp.txt
And, what happened? Now when you use the rm command it will ask you if you should remove the file(s), or not. If you don't like this, then you can remove the change from .bashrc, but my advice is that you keep this. I can almost guarantee there will be a moment when you type "rm filename", hit ENTER and then realize you deleted the wrong file.
9.) Using su and sudo some more
You have already used "su" to change your session to be root. Also, if you are a different user, but you have the right to use su (see /etc/sudoers again) you can change to any user. For example, from root do:
su userid
For this exercise change your session to the userid you created earlier. And, now we are going to run a privileged command, but under your account that does not have the privileges to run it. First the command without privileges:
less /etc/shadow
You should get the message, "/etc/shadow: Permission denied". Now run it like this:
sudo less /etc/shadow (root password)
After you've run "sudo" once with success you will not need to use the root password again (as long as you don't leave your session).
10.) Get information about an RPM package
We can get information about RPM software packages that are already installed. For example, let's find out exactly what version of sendmail we have installed:
rpm -qa | grep sendmail
You probably saw something like:
sendmail-8.12.11-4.6
Depending on what was installed, you might see more if additional sendmail components were installed. We are interested in the primary sendmail package, which is sendmail-8.12.11-4.6. To see a description of this package and then where all the associated files for this package were installed do the following:
clear
rpm -qi sendmail-8.12.11-4.6
clear
rpm -ql sendmail-8.12.11-4.6 | more
If, by chance, your sendmail version is different, then you need to enter it in exactly as it appeared after you typed the command "rpm -qa | grep sendmail".
If you want to have an alphabetical list of all RPMs installed on your system you can do this (we'll put this in /tmp for now):
cd /tmp
rpm -qa | sort > rpms.txt
less rpms.txt
If you want to keep the file you can move it from /tmp to your directory:
mv rpms.txt /home/userid/.
11.) Download and install lynx
Now we'll install the lynx web browser RPM package. Lynx is a browser that works in text mode. Lynx can be very useful when you need web information, but you don't want to, or cannot, start a browser like Netscape/Mozilla, Konqueror, Opera, etc. Also, if you run your server at initialization level 3 you will not have access to a graphical browser.
We'll use FTP to connect to our NOC (Network Operations Center) that we are using in the classroom. We'll connect as userid "anonymous" and we'll download the file "lynx-2.8.5-15.i386.rpm" to the directory /usr/local/src. For this example you should run as root.
su (if you are not root)
ftp noc
When you get the ftp login prompt respond with:
anonymous
userid@t1.ws.sanog.org (this can be any address, but something along these lines)
And, now we'll change directories on both sides and download the file:
cd pub/fedora/RPMS
binary
lcd /usr/local/src
get lynx-2.8.5-15.i386.rpm
quit
Now let's install the package. We are using the default of placing downloaded software that we install system-wide in /usr/local/src
cd /usr/local/src
rpm -Uvh lynx-2.8.5-15.i386.rpm
lynx noc
use "q" to exit lynx
Don't worry if lynx was already installed. You should see the main page for our workshop on our noc server. Check out some other sites on the web with Lynx. How do they look?
12.) Shutdown and restart
In this exercise you need to be root. It's better to close programs that have open files, like Mozilla, vi, etc., but it's not necessary. Before continuing read the man pages for shutdown:
man shutdown
In a terminal do this:
shutdown -r now
Now your machine is restarting. This takes a moment. To stop your machine entirely you can use the command:
halt
Or, also, you can go to initialization level 0, which is the same as "halt". So, if you were to do:
init 0
You would halt your machine. And, restart is the same as initialization level 6, or:
init 6
In addition you can "logout" and use the menu that Fedora provides. Notice that any user that has physical access to a machine can turn off or restart the machine with the system menus that Fedora provides. This is a decision made by most Linux distributions. Normally a standard user has no access to the commands "halt" or "init" or "shutdown" or "reboot" - but, the idea is that if you have physical access you can simply turn off the power or press a button to restart. In this case, it's better for everyone if you use the menu to shutdown or restart a machine in an orderly fashion (i.e. less chance of data loss).
We'll mention this again in our security talk.
13.) Change your run level
From now on we'll set our PCs to no longer run an XWindows environment when they start up. To do this is quite easy:
vi /etc/inittab
Find the line that reads:
id:5:initdefault:
And change the "5" to a "3". Save the file and restart your machine.
shutdown -r now
What happens when your machine starts back up? Type the command:
top
And notice how much RAM you are using. Press "q" to quit.
Now become root and type the command:
init 5
if you wish to start up a GUI. Open a terminal now and type "top" - notice how much RAM you are using. Not using KDE, Gnome, etc. can save quite a bit of system resources and improve your machine's stability and level of security as well, as far fewer services will be running.
If you are running a server, then you probably don't want XWindows running. XWindows/GUI usually include XFree86, Gnome, KDE, etc. - not installing or running these saves on disk space, RAM, etc.
14.) Turn off, start, and remove a service
Open up a terminal as root.
Type:
/usr/sbin/lsof -i
Look at what services are running and the ports they are using. You'll notice that Fedora leaves portmap and rpc.statd running after an installation. These services deal with NFS (Network File System). NFS is very useful, and we might play with it this week, but it's not secure. If your machine is on a public network you should not run NFS or rpc.statd or portmap.
First we'll turn off portmap and then start it again:
cd /etc/rc.d/init.d
ls
./portmap
./portmap stop
We went to the directory where the various service scripts reside and that run under different run levels. You can run these scripts using the "service" tool, so, also from any directory:
service portmap
service portmap stop
Type "portmap" by itself to see the available options. Now let's look at the file that starts portmap:
less /etc/rc.d/init.d/portmap
Do you see the line?:
# chkconfig: 345 13 87
This line is very important. It says that portmap should run in level 3, 4, and 5. And, in the levels where it does not run it stops in the order "87" - or, later as this is close to 99 (in general, the last service number). And, that it starts in order number "13" in run levels 3, 4, and 5. Thus, it starts before 14, but stops after 86. Look at the directories /etc/rc.d/rc2.d and /etc/rc.d/rc3.d and search for the files "K87portmap" and "S13portmap". They won't exist if portmap is not set to run. To do this:
ls -la /etc/rc.d/rc2.d
ls -la /etc/rc.d/rc3.d
This comment is for the command "/sbin/chkconfig" so that it can correctly configure the services with run-levels. If the comment is not there, then you must specify at what run levels a service will run.
Now we'll remove the portmap service. First we'll run chkconfig without any options to see what it accepts:
/sbin/chkconfig
./portmap stop
/sbin/chkconfig --list | grep portmap
/sbin/chkconfig --del portmap
/sbin/chkconfig --list | grep portmap
Now you will not see portmap in the list of "chkconfig --list" services that run. But the script is still in /etc/rc.d/init.d/, which is fine.
Now let's specify the specific levels at which to run portmap (just temporarily):
/sbin/chkconfig --level 345 portmap on
/sbin/chkconfig --list | grep portmap
Now you should see something like:
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
And, to finish, let's turn off portmap and rpc.statd, and remove them as services that run at system startup. First, what service runs rpc.statd? There is no file named "rpc" or "statd". We are going to look for this by doing:
grep statd *
And, it appears that the script "nfslock" is guilty. If you want to know more about rpc.statd and portmap read the man pages, or:
man rpc.statd
man portmap
One comment. One of the largest security holes in Microsoft Windows is that Windows still uses RPC (Remote Procedure Calls) inside of the OS to communicate between processes. RPC is very insecure. In the Linux and UNIX world most services stopped using RPC years ago for this very reason.
OK, now let's turn off portmap (already done) and nfslock, and let's keep them from running at the next system boot:
./portmap stop (just in case)
./nfslock stop
/sbin/chkconfig --del portmap
/sbin/chkconfig --del nfslock
/sbin/chkconfig --list | grep nfs
Now you are not running two services that were not necessary. Check this with:
lsof -i
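
Added example (not part of the original handout): the "# chkconfig: 345 13 87" comment from exercise 14 decides which S and K entries appear in each rc directory, and a service with no S entry anywhere is not started at boot. The helper names chkconfig_links, start_levels and make_sandbox are made up for this sketch, and it works on a constructed sandbox tree in which plain files stand in for the real symlinks.

```shell
#!/bin/sh
# Added example, not from the handout. Helper names are made up for this sketch and
# the rc tree is a constructed sandbox, so nothing under /etc is read or changed.

# Print, for run levels 0-6, the entry implied by the
# "# chkconfig: <levels> <start> <stop>" comment of an init script.
chkconfig_links() {
    name=$(basename "$1")
    header=$(sed -n 's/^#[[:space:]]*chkconfig:[[:space:]]*//p' "$1" | head -n 1)
    if [ -z "$header" ]; then
        echo "$name: no chkconfig header, run levels must be given by hand" >&2
        return 1
    fi
    read -r levels start stop <<EOF
$header
EOF
    for n in "$start" "$stop"; do
        case "$n" in ''|*[!0-9]*) echo "$name: bad priority" >&2; return 1 ;; esac
    done
    for lvl in 0 1 2 3 4 5 6; do
        case "$levels" in
            *"$lvl"*) echo "rc$lvl.d/S$start$name" ;;  # started in this run level
            *)        echo "rc$lvl.d/K$stop$name" ;;   # stopped in this run level
        esac
    done
}

# Print the run levels in which a start entry for NAME ($1) exists under
# RC_ROOT ($2). An empty line means the service is not started at boot.
start_levels() {
    for lvl in 0 1 2 3 4 5 6; do
        for link in "$2/rc$lvl.d"/S[0-9][0-9]"$1"; do
            [ -e "$link" ] && printf '%s' "$lvl"
        done
    done
    echo
}

# Build a constructed sandbox that mimics /etc/rc.d with portmap enabled.
make_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/init.d"
    printf '#!/bin/sh\n#\n# chkconfig: 345 13 87\n# description: constructed sample\n' \
        > "$root/init.d/portmap"
    chkconfig_links "$root/init.d/portmap" | while read -r link; do
        mkdir -p "$root/${link%/*}"
        : > "$root/$link"        # plain file standing in for the symlink
    done
    echo "$root"
}

sandbox=$(make_sandbox)
chkconfig_links "$sandbox/init.d/portmap"
echo "portmap starts in run levels: $(start_levels portmap "$sandbox")"
rm -r "$sandbox"
```

On a real machine, running start_levels with /etc/rc.d as the second argument after "chkconfig --del" should print an empty line for the removed service.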
July 2004